Jackson's comments, commiserations, confabulations and simplifications on identity management and Microsoft's Active Directory, all based on his continuous "reality tour" of meetings with customers, ISVs and Microsoft.

Tuesday, April 10, 2012

Utah Breach Shows Vulnerability of Health Records - NYTimes.com

"Eastern European hackers have stolen personal records for 780,000 people in the breach of a computer server in Utah...Hackers were able to breach the servers by exploiting a technician’s weak password."

According to the article, this is definitely a hack that could have been avoided if the proper procedures had been followed when configuring the server. Personally, I'd go further: remove the reliance on manual procedures and eliminate weak passwords through the use of a privileged account management product like Quest One Privileged Password Manager. Why bother leaving this to manual procedures that may be "forgotten", as happened in this case?

Privileged Password Manager ensures that when administrators require
elevated access, that access is granted according to established policy,
with appropriate approvals, that all actions are fully audited and
tracked and that the password is changed immediately upon its return.
It’s a secure, compliant and efficient solution to the age-old “keys to
the kingdom” problem. Privileged Password Manager is deployed on a
secure, hardened appliance.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not represent those of my employer or anyone else for that matter. View this blog's privacy policy here.

16 CFR § 255.5 disclosure: I am an employee of Quest Software.